EN2720 Ethical Hacking 7.5 credits

In this course, you will learn penetration testing, i.e.cybersecurity assessment of computer networks by offensive methods. These methods aim to find and exploit vulnerabilities in software systems. The main project of the course is rigged as a game, where you are required to explore and exploit a virtual computer network in order to exfiltrate specific pieces of data.
While the course formally only requires the completion of an introductory programming course, it is strongly recommended that you are also comfortable with networking and operating systems.
About course offering
For course offering
Autumn 2022 Start 29/08/2022 programme students
Target group
Open for all programmes as long as it can be included in your programme.
Part of programme
Degree Programme in Computer Engineering, åk 3, DPU2, Conditionally Elective
Degree Programme in Computer Engineering, åk 3, SAIN, Recommended
Degree Programme in Electronics and Computer Engineering, åk 3, Recommended
Degree Programme in Engineering and Economics, åk 3, TIDA, Conditionally Elective
Degree Programme in Engineering and Economics, åk 3, TIDB, Conditionally Elective
Degree Programme in Engineering and Economics, åk 3, TIED, Conditionally Elective
Degree Programme in Engineering and Economics, åk 3, TIEL, Conditionally Elective
Master's Programme, Communication Systems, åk 2, ITE, Optional
Master's Programme, Communication Systems, åk 2, SMK, Optional
Master's Programme, Communication Systems, åk 2, TRN, Optional
Master's Programme, Computer Science, åk 2, CSSP, Recommended
Master's Programme, Cybersecurity, åk 1, Mandatory
Master's Programme, Information and Network Engineering, åk 1, Recommended
Master's Programme, Information and Network Engineering, åk 1, NWS, Recommended
Master's Programme, Information and Network Engineering, åk 2, Recommended
Master's Programme, Information and Network Engineering, åk 2, NWS, Recommended
Periods
P1 (7.5 hp)Duration
29/08/2022
28/10/2022
Pace of study
50%
Form of study
Normal Daytime
Language of instruction
English
Course location
KTH Campus
Number of places
Places are not limited
Planned modular schedule
No information inserted
Application
For course offering
Autumn 2022 Start 29/08/2022 programme students
Application code
50042
Contact
For course offering
Autumn 2022 Start 29/08/2022 programme students
Contact
Pontus Johnson
Examiner
No information insertedCourse coordinator
No information insertedTeachers
No information insertedContent and learning outcomes
Course contents
The main activity of the course is a project where students independently attack a corporate computer network with the aim of exfiltrating specific information. The network is rigged by the course responsibles in a virtual environment. To carry out the attack, the students are free to use their imagination and tools available on Internet. Tools for network and vulnerability scanning, platforms for exploit development, command and control, passwork creacking, etc. are presented during the course, but students are free to employ methods and tools of their own choice.
Intended learning outcomes
Ethical hackers are contracted for practical assessment of computer network security. For an effective defense against cyber attacks, a deep understanding of attackers' available range of action is required. After completed course, the student should therefore be able to
- perform reconnaissance, identifying and selecting targets for attack, e.g. by means of network scanning
- identify vulnerabilities in network equipment and applications
- customize exploits for software vulnerabilities
- deploy and execute exploits on vulnerable systems,
- install and use remote access trojans for remote system control
- identify password files and extract passwords
- exfiltrate data
- implement solutions to strengthen the information security of computer networks
- carry out legal and ethical security testing.
Course disposition
Literature and preparations
Specific prerequisites
Knowledge and skills in programming, 6 higher education credits, equivalent to completed course DD1310/DD1311/DD1312/DD1314/DD1315/DD1316/DD1318/DD1331/DD100N/ID1018.
Recommended prerequisites
We strongly recommend that you have some familiarity with communication networks (for example EP1100 Data communication and computer networks) and operating systems (for example ID1206 Operating systems). If you do not, please plan for significantly a higher course load than otherwise expected.
Equipment
Literature
Examination and completion
If the course is discontinued, students may request to be examined during the following two academic years.
Grading scale
Examination
- INL2 - Home assignment, 0.5 credits, grading scale: P, F
- PROA - Project, 7.0 credits, grading scale: A, B, C, D, E, FX, F
The examiner may apply another examination format when re-examining individual students.
Opportunity to complete the requirements via supplementary examination
Opportunity to raise an approved grade via renewed examination
Examiner
Ethical approach
- All members of a group are responsible for the group's work.
- In any assessment, every student shall honestly disclose any help received and sources used.
- In an oral assessment, every student shall be able to present and answer questions about the entire assignment and solution.
Further information
Course web
Further information about the course can be found on the Course web at the link below. Information on the Course web will later be moved to this site.
Course web EN2720Offered by
Main field of study
Education cycle
Add-on studies
Contact
Transitional regulations
The earlier written assignment INL1 has been replaced by INL2.
Supplementary information
In this course, the EECS code of honor applies, see:
http://www.kth.se/en/eecs/utbildning/hederskodex.